How to allow OpenVPN (W10) client to use DNS server (BIND9) that resides on (Ubuntu 16.04) OpenVPN server?
by grigory from LinuxQuestions.org on (#4QGE3)
Hello!
I have Ubuntu 16.04 (Desktop Edition) with OpenVPN server and BIND9 installed. I used a script when I installed OpenVPN. My OpenVPN client is a W10 netbook with 4G USB modem.
When I choose to use Google DNS during OpenVPN installation, I can surf the Internet via OpenVPN just fine (on my OpenVPN client W10 machine). But if I choose to use the current DNS settings (i.e. my own BIND9 server), then I can connect from client to server, but DNS doesn't work. I know that I must edit the OpenVPN server's config file server.conf AND also edit the client's OpenVPN file client.ovpn too. And I don't know exactly whether my DNS server (BIND9) is properly configured to play this kind of role.
When I go to W10's CMD and do ipconfig /all I do see the DNS server with the correct IP of my BIND9 (it's the public IP of my Ubuntu machine, actually). Nevertheless, DNS doesn't work on the client machine and I couldn't find a complete step-by-step manual on how to enable this scheme.
I added this line to the OpenVPN config:
push "dhcp-option DNS 10.8.0.1"
And DNS on the client side still doesn't work.
When I tried to nslookup cnn.com in the W10 terminal, I saw:
*** Unknown can't find cnn.com: Query refused
When I check the two log files of BIND9 I see these lines:
In BIND9's query log file I do see these lines:
17-Sep-2019 00:17:36.679 queries: info: client 10.8.0.2#64118 (1.0.8.10.in-addr.arpa): query: 1.0.8.10.in-addr.arpa IN PTR + (10.8.0.1)
17-Sep-2019 00:17:36.704 queries: info: client 10.8.0.2#64119 (cnn.com): query: cnn.com IN A + (10.8.0.1)
17-Sep-2019 00:17:36.737 queries: info: client 10.8.0.2#64120 (cnn.com): query: cnn.com IN AAAA + (10.8.0.1)
17-Sep-2019 00:17:36.785 queries: info: client 10.8.0.2#64121 (cnn.com): query: cnn.com IN A + (10.8.0.1)
17-Sep-2019 00:17:36.804 queries: info: client 10.8.0.2#64122 (cnn.com): query: cnn.com IN AAAA + (10.8.0.1)
That's after I tried to nslookup the CNN site.
And when I try to open, say, the BBC site in the browser, I see these lines:
17-Sep-2019 00:21:47.325 queries: info: client 10.8.0.2#56585 (bbc.co.uk): query: bbc.co.uk IN A + (10.8.0.1)
17-Sep-2019 00:21:47.355 queries: info: client 10.8.0.2#56585 (bbc.co.uk): query: bbc.co.uk IN A + (10.8.0.1)
And BTW in BIND9's debug log file I see these lines:
17-Sep-2019 00:21:37.285 security: info: client 10.8.0.2#51516 (bbc.co.uk): query (cache) 'bbc.co.uk/A/IN' denied
17-Sep-2019 00:21:37.290 security: info: client 10.8.0.2#51516 (bbc.co.uk): query (cache) 'bbc.co.uk/A/IN' denied
17-Sep-2019 00:21:47.325 security: info: client 10.8.0.2#56585 (bbc.co.uk): query (cache) 'bbc.co.uk/A/IN' denied
17-Sep-2019 00:21:47.355 security: info: client 10.8.0.2#56585 (bbc.co.uk): query (cache) 'bbc.co.uk/A/IN' denied
AND
7-Sep-2019 00:17:20.944 security: info: client 10.8.0.2#64114 (cnn.com): query (cache) 'cnn.com/A/IN' denied
17-Sep-2019 00:17:20.976 security: info: client 10.8.0.2#64115 (cnn.com): query (cache) 'cnn.com/AAAA/IN' denied
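The "query (cache) ... denied" lines in the security log are what BIND9 writes when a client outside its allow-query-cache / allow-recursion ACLs asks for a name the server is not authoritative for, and "Query refused" on the client side is the matching REFUSED response. The fragment below is an added example of a named.conf.options that grants recursion only to the VPN subnet; it is not from the original post or from the BIND9 project, and the ACL name "vpn-clients", the directory path and the listen-on list are assumptions (the 10.8.0.0/24 subnet and the 10.8.0.1 tunnel address are the ones from the post):

```conf
// /etc/bind/named.conf.options (added example; adjust paths and addresses)

// Hypothetical ACL name covering the OpenVPN tunnel subnet from the post.
acl "vpn-clients" { 10.8.0.0/24; };

options {
    directory "/var/cache/bind";   // Ubuntu's default cache directory (assumed)

    // Answer only on loopback and the tunnel address the clients are pushed,
    // so the public interface is not exposed as an open resolver.
    listen-on { 127.0.0.1; 10.8.0.1; };

    // Resolve names for the VPN clients, but refuse everyone else.
    // Without allow-recursion / allow-query-cache matching 10.8.0.0/24,
    // BIND9 logs "query (cache) '...' denied" and returns REFUSED.
    recursion yes;
    allow-query       { localhost; vpn-clients; };
    allow-recursion   { localhost; vpn-clients; };
    allow-query-cache { localhost; vpn-clients; };

    dnssec-validation auto;
};
```

After editing, run named-checkconf to validate the syntax and rndc reload (or restart bind9) to apply it; the server.conf line push "dhcp-option DNS 10.8.0.1" from the post then points clients at an address the resolver actually listens on and permits. The "Unknown" in nslookup's output only means the PTR lookup for 10.8.0.1 (the first query in the log) had no answer; it does not by itself break resolution.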